ABOUT THE EGBA STANDARDS


The European Gaming and Betting Association (“EGBA”)
recognises the importance of ensuring that its Members
operate and manage remote gaming and betting
activities in a responsible, secure, safe and reliable
environment. Consequently, the EGBA and its Members
have investigated industry best practice, leading
jurisdiction and state monopoly standards for the
appropriate Standards to operate within, to ensure that
the interests of its customers, industry stakeholders and
regulators are protected.


The ensuing EGBA Framework, Principles and Standards
incorporate this effort and are required to be adopted by
all EGBA members to demonstrate commitment to a
transparent and regulated industry. This commitment is
underpinned further by a rigorous independent
assessment of EGBA Members that is performed
annually in order to substantiate compliance. Bearing
this in mind, the EGBA Standards contained in this
document are not meant to replace but rather
complement the legislative requirements imposed by
licensing jurisdictions.


PRINCIPLES ON WHICH EGBA STANDARDS ARE BASED 


The term "Principle" is used extensively within the
confines of this document and is therefore briefly
explained. A "Principle" sets the directive from which a
set of Standards can be derived. The Principles to which
each EGBA Member subscribes and which form the basis
of the resultant EGBA Standards contained within this
document are referred to below.


PRINCIPLE 1 — PROMOTE RESPONSIBLE GAMBLING AND BETTING 
The EGBA Members are committed to promoting socially responsible gambling and betting, and working with 
customers, employees and relevant industry stakeholders to help manage and control problem gambling. EGBA 
Members will ensure that proper controls are established, implemented, and enforced, and that gambling and 
betting takes place in a responsible gaming and betting environment. 


PRINCIPLE 2 — KNOW-YOUR-CUSTOMER AND PREVENT UNDERAGE GAMBLING AND BETTING 
The EGBA Members will seek to implement all reasonable measures that prevent underage individuals from 
accessing gambling and betting products. EGBA Members will ensure these measures address appropriate age 
verification and know-your-customer controls, and with help from industry stakeholders and governments, 
continuously improve the coverage, quality and effectiveness of real-time verification. 


PRINCIPLE 3 — ZERO TOLERANCE OF FRAUDULENT AND CRIMINAL BEHAVIOUR 
The EGBA Members will not tolerate fraud or criminal behaviour, and strict security measures and gaming 
supervision will be implemented and enforced to prevent fraudulent activity and any transactions suspected of 
being potentially connected to money laundering or other criminal activity. 


PRINCIPLE 4 — PROTECT CUSTOMER PRIVACY AND SAFEGUARD INFORMATION
EGBA Members will ensure that the privacy and confidentiality of all customer information submitted at any point
in time is maintained and protected from unauthorised or unnecessary disclosure.


PRINCIPLE 5 — PROMPT AND ACCURATE CUSTOMER PAYMENTS
EGBA Members will ensure prompt and accurate processing of winnings and payment requests, subject to
appropriate and necessary checks and verification.


PRINCIPLE 6 — RIGOROUS INDEPENDENT ASSESSMENT OF PRODUCT FAIRNESS AND RANDOMNESS
The EGBA Members are committed to ensuring that gaming and betting products are subjected to continuous and
rigorous independent assessment to ensure products continue to operate in a fair and random manner, and in
accordance with published rules.


PRINCIPLE 7 — ETHICAL AND RESPONSIBLE MARKETING
EGBA Members will endeavour to employ well balanced advertising and marketing campaigns in line with
responsible gaming and conduct Principles.


PRINCIPLE 8 — COMMITMENT TO CUSTOMER SATISFACTION AND SUPPORT
The EGBA Members are committed to providing customers with an enjoyable gaming experience with access to
24/7 support, where they can be assured of timely resolution of disputes.


PRINCIPLE 9 — RESPONSIBLE PRACTICES UNDERPINNED BY A SECURE, SAFE AND RELIABLE ENVIRONMENT
EGBA Members will operate gaming and betting products within an internal control environment that is in line
with best practice and which supports the objectives of a secure, safe and reliable environment.


THE COMMITMENT FROM EGBA MEMBERS 


The EGBA Framework, Principles and Standards have
been established to provide senior management within
each EGBA Member with the necessary direction and
support to sustain the goals of a transparent and
regulated industry. Each EGBA Member agrees and
grants its full support and commitment to operate and
enforce the Principles and Standards as outlined in this
document, and to operate within the required
Framework.

This commitment extends to allow for an annual audit
of compliance with the Standards by an independent
and professional third party, and the reporting of
findings to the EGBA board.


LEGISLATIVE REQUIREMENTS


Where legislative requirements imposed by licensing
jurisdictions conflict with these Standards, compliance
with the licensing jurisdictions’ requirements takes
precedence.

However, if an EGBA Standard provides a greater degree
of customer protection than a jurisdiction requirement,
while still complying with the jurisdiction's legislation,
then the Standard shall be implemented.


REVISED STANDARDS


Revised Standards are those Standards which have been
recently approved by the EGBA Board, and Members
are provided with a reasonable grace period in which to
implement these Standards. On expiry of the grace
period, these Standards will be included in the next
annual audit of compliance.





EGBA FRAMEWORK 


THE FRAMEWORK IN WHICH EGBA MEMBERS OPERATE 


The diagram below sets out the Framework within which the EGBA and its Members operate to design, implement
and continuously monitor and enforce compliance with its objectives, and resultant Standards.


EGBA objectives


The EGBA identified a set of objectives to govern and set a mandate for the identification and establishment of the
EGBA Principles and resultant Standards. Through thorough analysis of the objectives, the EGBA was able to identify
and establish those Principles which would demonstrate that it is each EGBA Member's objective to: i) Ensure that
customer and stakeholder confidence in the industry is preserved; ii) Operate in accordance with best practice
requirements and regulatory standards; iii) Address the perceived areas of concern raised in jurisdictions where a
formal regulatory framework does not exist, or where only monopolies operate; and iv) Substantiate commitment and
compliance by consenting to rigorous annual independent assessments.


Design and implementation 


The EGBA Framework requires each EGBA Member to implement a foundation that consists of four components that 
each provide support to the objectives underlying the Standards: Senior Management Commitment, Risk 
Management, Training and Awareness, and Monitoring and Enforcement. 


Senior Management Commitment: An important facet of ensuring continuous compliance with the EGBA Standards is
that a senior management representative is appointed by each EGBA Member to take ultimate
responsibility for ensuring adequate financial and political support for the implementation of the required practices
within the relevant organisation(s).


Risk Management: Risks to industry stakeholders and EGBA Member operations are constantly changing, being
influenced by internal and external conditions. Each EGBA Member’s risk profile may differ depending on its operating
environment. It is necessary that risks are managed according to each EGBA Member's risk profile and that the
effectiveness of controls to manage such risks is revisited on a regular basis.


Training and Awareness: The level of compliance with the EGBA Standards is largely dependent on the competence 
and expertise levels of the employees within each EGBA Member. For this reason, internal and external training and 
awareness programmes, targeted at key risk areas, are required to be conducted regularly to ensure that appropriate 
practices are communicated to employees. 


Monitoring and Enforcement: Compliance with the EGBA Standards is mandatory and will be monitored and enforced 
on a regular basis. Apart from independent monitoring and enforcement, EGBA Members are responsible for 
employing periodic self-audits to monitor compliance with the EGBA Standards. 


Independent monitoring and enforcement 


A crucial component of the EGBA Framework is to ensure that the EGBA Member operates within the confines of the
framework, and in compliance with the Standards, which is annually and independently verified and reported on. For
this reason, an independent organisation, eCOGRA*, has been appointed with the objective of performing risk-based
audits of EGBA Members against the Standards.


The formal process is based on audit work programs to ensure the work is consistently performed and documented. 
Findings are reported to senior management, and 100% compliance is required in all areas. Further governance and 
independence to the process is achieved by annually reporting the results to eCOGRA’s Independent Compliance 
Committee before final submission of reports to the EGBA Board. 


By operating in accordance with this framework and the Principles, the EGBA Members are able to demonstrate that
the interests of their customers, industry stakeholders and regulators are protected.





* eCOGRA is an independent standards authority for the online gambling industry, and provides an international framework of best operational 
and player practice requirements enforced through continuous monitoring. For more information visit www.ecogra.org. 





EGBA STANDARDS 


PROMOTE RESPONSIBLE GAMBLING AND BETTING 


The EGBA Members are committed to promoting socially responsible gambling and betting, and working with 
customers, employees and relevant industry stakeholders to help manage and control problem gambling. EGBA 
Members will ensure that proper controls are established, implemented, and enforced, and that gambling and 
betting takes place in a responsible gaming and betting environment. 


PLAYER PROTECTION INFORMATION 


1.1 The homepage of Member websites shall contain a clear link to the responsible 
gambling and betting page, which shall contain the following: 

1.1.1 A warning that gambling and/or betting could be harmful if not 
controlled and kept in moderation. 

1.1.2 Advice on responsible gambling and betting, and a link to sources of 
help, including helpline numbers. 

1.1.3 An accepted and simple self-assessment process to determine risk 
potential. 

1.1.4 A list of customer protection measures that are available on the site
and details of how to access these measures.

1.1.5 Links to problem gambling and betting information and qualified 
advisory services where available in those territories where the 
Member actively markets its products. 

1.1.6 A brief statement of the Member's commitment to responsible 
gambling. 

1.2 The homepage of Member websites shall contain a clear link to the website of 
at least one organisation qualified to assist problem gamblers. 

1.3 Gaming and betting software shall contain a clear reminder to the customer 
about responsible gambling and betting, and a link to the responsible gambling 
and betting page. 

1.4 Promotional material shall not be displayed on the Member's responsible 
gambling and betting page. 

1.5 Messages of a Member's support for the provision of problem gambling 
treatment, research or educational initiatives should not be misleading. 

1.6 Direct communication with the customer shall carry a responsible gambling and 
betting message, where practical. 

1.7 Free play games websites shall provide links to the same age restriction, 
responsible gambling and betting, and player protection information as the real 
money sites. 


SETTING LIMITS 


1.8 In an attempt to mitigate problem gambling, customers shall be able to request 
the setting of betting/deposit limits. 

1.9 There should be a clear link from the deposit page to the facility to set deposit 
limits and/or to the Responsible Gambling page. 

1.10 Customers shall be able to request the setting of their own deposit limits per 
day, week and month. 

1.11 Members shall have systems in place to deal with deposit limit requests in
a timely manner.

1.12 If a customer wants to increase a deposit limit previously set, a minimum
waiting period of 24 hours shall apply.

1.13 A request to decrease a deposit limit shall be implemented immediately.


SELF EXCLUSION OPTIONS


1.14 Members’ procedures for self-exclusion and temporary cooling-off shall be
clearly communicated on the website. Procedures shall clearly state the
conditions of self-exclusion.

1.15 Customers shall be given the opportunity to self-exclude or cool-off by
contacting customer services or requesting self-exclusion, or cooling off via the
Member's website.

1.16 Once the customer has selected the self-exclusion option, the account shall be
locked and any funds in the account paid out, subject to appropriate and
necessary checks and verifications.

1.17 Members shall offer customers the ability to self-exclude from gambling and
betting activity and best endeavours shall be made to prevent marketing to
these customers.

1.18 A third party making an application for a customer’s exclusion shall be properly
identified. Based on the circumstances and merit, the appropriate manager may
give due consideration to the course of action.

1.19 Members shall offer customers a "cooling-off" exclusion period from gambling
and betting activity, and best endeavours shall be made to prevent marketing to
these customers.

1.20 Training shall be provided to customer service employees to ensure the prompt
and efficient handling of correspondence relating to self-exclusion and cooling
off.


PLAYING WITH CREDIT


1.21 Members shall not provide credit to customers - specifically, Members may not
permit a customer to wager, win and receive a payout where the funding of that
wager is obtained from the Member other than through existing client funds or
the provision of a promotion or bonus.


REALITY CHECKS


1.22 A clearly visible clock shall be available for use by the customer at all times.

1.23 The denomination of each credit shall be clearly displayed on the games screen
and the currency unit should be clearly stated where multiple currency game
play is available.

1.24 Customers shall be provided with remote access to their account history dating
back for a minimum period of 60 days, and offline access dating back for a
minimum period of 6 months, including all deposits, withdrawals, wagers, wins,
losses, fees and bonuses.


SOCIALLY RESPONSIBLE BEHAVIOUR


1.25 Training shall be provided to appropriate employees on the issues of problem 
gambling and betting, and refresher courses shall be undertaken as and when 
needed. 

1.26 Members shall contribute towards the EGBA’s research efforts into the 
prevention and treatment of problem gambling and betting. 

1.27 The EGBA and its Members shall annually participate or hold a responsible 
gaming and betting conference to educate and allow exchange of ideas. 

1.28 A designated senior management staff member shall be appointed by each 
Member to assume responsibility for the implementation and monitoring of 
responsible gambling and betting practices. 

1.29 Relevant third party and business partner contractual terms and conditions shall 
provide the Member the right to terminate the contract where that third party's 
conduct conflicts with the Member's responsible gaming and betting program. 

1.30 Foreign language websites shall provide all information concerning age limits, 
responsible gambling and betting, and player protection in the relevant foreign 
language. 





KNOW-YOUR-CUSTOMER AND PREVENT UNDERAGE GAMBLING AND BETTING 


The EGBA Members will seek to implement all reasonable measures that prevent underage individuals from 
accessing gambling and betting products. EGBA Members will ensure these measures address appropriate age 
verification and know-your-customer controls, and with help from industry stakeholders and governments, 
continuously improve the coverage, quality and effectiveness of real-time verification. 


UNDERAGE INFORMATION 


2.1 The homepage of the Member's websites shall prominently display a ‘no under 
18’s’ or ‘no under 21’s’ sign (as appropriate for the jurisdiction concerned), 
which links through to a clear message about underage play. 

2.2 The Member’s website terms and conditions shall state that no player below the
legal age of gambling is permitted to participate in remote gaming and betting 
activities. 

2.3 Best endeavours by the EGBA Members shall be made to prevent advertising in 
media that is targeted towards underage individuals, and shall not portray 
anyone underage in any gaming or betting adverts or promotional material. 

2.4 The registration process shall include a clear message regarding underage play. 

2.5 The Member's responsible gambling and betting page shall provide a link to a 
recognised filtering programme to enable customers/parents to prevent minors 
from accessing gambling and betting sites. 

2.6 Members shall have a clear documented policy which is applicable in the event 
that an underage individual is identified. 

2.7 If registration is required prior to potential customers being allowed to “Play for
Free”, the Member’s registration process shall include confirmation of age.

2.8 Free play sites should not award cash or cash equivalents unless the customers 
have been successfully age verified. 


AGE AND IDENTITY VERIFICATION 


2.9 The EGBA and its Members shall consider any credible third party age 
verification service providers and, to the extent available, will seek to use third 
party age verification services on par with state monopolies, where feasible and 
available. 

2.10 The EGBA and its Members shall work with "leading" verification service 
providers to improve coverage and quality of verification services available. 

2.10 The EGBA shall encourage governments to provide access to a wider range of 
databases to improve verification capabilities. 

2.11 Age and customer verification shall be conducted in accordance with a formal 
documented process, and shall include Member and third party verification 
checks, where feasible and available. 


SOCIALLY RESPONSIBLE MEMBERS


2.12 Underage gambling and betting shall be regularly monitored by conducting
frequent checks of users to ensure compliance with age restrictions.

2.13 EGBA Members shall immediately close the account of any underage or
suspected underage person found to have accessed its services.

2.14 The Member should have in place an appropriate system for refunding the value
of all deposits should a person, subsequent to registration, be identified as an
underage individual.

2.15 Training shall be provided to all employees involved in the Member’s age
verification process, including training on the process to follow in the event that
instances of a need for additional verification are identified.





ZERO TOLERANCE OF FRAUDULENT AND CRIMINAL BEHAVIOUR 


The EGBA Members will not tolerate fraud or criminal behaviour, and strict security measures and gaming 
supervision will be implemented and enforced to prevent fraudulent activity and any transactions suspected of 
being potentially connected to money laundering or other criminal activity. 


RESPONSIBILITY AND OWNERSHIP FOR ANTI-MONEY LAUNDERING


3.1 EGBA Members shall implement an anti-money laundering and combating 
financing of terrorism policy approved and supported by its senior management 
which will provide reasonable security measures to prevent transactions which 
are potentially connected to money laundering and the financing of terrorism. 

3.2 EGBA Members shall appoint a person or persons with responsibility for 
implementing and ensuring effectiveness of anti-money laundering and 
combating financing of terrorism systems. 

3.3 Anti-money laundering and combating financing of terrorism policies and 
procedures shall cater for the identification, escalation and reporting of unusual 
or suspicious activities, including investigating material or unusual deposits, 
withdrawals and customer accounts where little or no gaming or betting activity 
takes place. 

3.4 The fraud and anti-money laundering practices implemented by EGBA Members 
shall make provision for appropriate know your customer verification and/or 
customer due diligence processes. 

3.5 Training and guidance shall be provided to employees on the Member's policy
to ensure the prompt identification, escalation and reporting of fraud and
anti-money laundering and combating financing of terrorism practices.

3.6 Money laundering and combating financing of terrorism control requirements 
between Members and service providers shall be clearly defined. 


DETECTING CRIMINAL BEHAVIOUR 


3.7 No deposits or payouts shall be made to a customer's account if there is reason
to suspect money laundering or terrorist activity unless authorised by the
Anti-Money Laundering Reporting Officer. Where the deposit or payout exceeds
€2,000 (whether in a single transaction or a series of transactions which appear
to be linked), no payment may be made until the customer has been positively
identified.

3.8 All information regarding changes to customer details shall be logged and 
appropriate verification documentation shall be requested for significant 
changes (e.g. changes to customers’ names and banking details). 


3.9 Funds should be remitted by the Member to the customer only to the same 
payment mechanism from which the funds originated, except where changes to 
the payment mechanism are substantiated, and where such funds are 
withdrawn in a licensed gambling establishment which adheres to the relevant 
anti-money laundering laws that are applicable in the relevant jurisdiction. 

3.10 No physical cash or non-electronic methods of payment shall be used to fund an 
account. 

3.11 Transfers of funds between customer accounts shall be conducted through a 
formal documented process in compliance with the Member’s anti-money 
laundering and combating financing of terrorism policy. 

3.12 The Member's terms and conditions shall declare controls applicable over funds 
transferred between customers. 


REPORTING OF CRIMINAL AND SUSPICIOUS ACTIVITIES 


3.13 The EGBA Member's anti-money laundering and combating financing of 
terrorism practices shall include the provision of suspicious transaction reports 
to the relevant national financial investigation unit and international 
institutions. 

3.14 A legal disclaimer shall be displayed on the Member's web site stating that any 
criminal or suspicious activities may be reported. 

3.15 All employees should be made aware of their personal obligations to detect and 
report criminal and suspicious behaviour. All employees must be aware of the 
dangers of ‘tipping-off’ and the procedures to be followed to ensure it does not 
happen. 


RETENTION OF RECORDS RELATING TO ANTI-MONEY LAUNDERING 


3.16 Customer verification documents shall be retained in accordance with the 
retention requirements of the Member's jurisdiction. 

3.17 Records of customer financial transactions shall be retained in accordance with
the retention requirements of the Member's jurisdiction.


PROTECT CUSTOMER PRIVACY AND SAFEGUARD INFORMATION


EGBA Members will ensure that the privacy and confidentiality of all customer information submitted at any point 
in time is maintained and remains protected from unauthorised or unnecessary disclosure. 


CUSTOMER PRIVACY AND CONFIDENTIALITY 


4.1 Confidential customer information submitted at any point in time shall be 
protected from unauthorised or unnecessary disclosure. 

4.2 Customer credit card numbers stored on the system shall be secured from 
unauthorised use. 

4.3 Members shall display and maintain a privacy policy on their websites. 


4.4 The Member's privacy policy shall state the minimum information that is 
required to be collected, the purpose for information collection, the conditions 
under which information may be disclosed and the controls in place to prevent 
the unauthorised or unnecessary disclosure of the information. 

4.5 Foreign language websites shall display the Member's privacy policy in the 
relevant foreign language. 

4.6 Terms and conditions that require acceptance from customers during
registration shall clearly state the Member's privacy policy. Customer consent to
the terms and conditions is required prior to successful registration.

4.7 Customers shall be provided access to their confidential information and shall 
be permitted to request changes to inaccurate information. 

4.8 The Member shall take all reasonable steps to ensure that any information 
supplied by customers is kept up to date. 

4.9 Director, officer and employee contracts shall contain a "confidentiality" clause
prohibiting the unauthorised or unnecessary disclosure of customer
information.


PROMPT AND ACCURATE CUSTOMER PAYMENTS


EGBA Members will ensure prompt and accurate processing of winnings and payment requests, subject to 
appropriate and necessary checks and verification. 


CUSTOMER REGISTRATION


5.1 Customer registration shall require the customer to provide the following
minimum information: name, age, address and unique username and password
details.

5.2 Registration, deposit and withdrawal procedures and conditions shall be clearly
communicated to customers.

5.3 The Member’s website terms and conditions shall state that only customers
legally permitted by their jurisdiction can participate in gambling and betting
activities.

5.4 Members shall keep a secure list of all registered customers.

5.5 Customers shall only be permitted to open one account.


PROCESSES AND INFORMATION REQUIRED FOR PAYMENTS TO CUSTOMERS


5.6 EGBA Members shall ensure prompt and accurate processing of payments
subject to appropriate and necessary checks and verifications.

5.7 Payments to and from customers shall be conducted according to a formal
documented process.

5.8 Payments to customers shall be conducted within 7 days of receipt of the
request and verification.

5.9 The detection and correction of timeout receipts shall be conducted in
accordance with a formal documented process.

5.10 All information regarding receipts and payments shall be logged and retained by
the applicable parties in accordance with the retention requirements of the
Member's licensing jurisdiction.

5.11 Financial reconciliations performed for payments and receipts shall be reviewed
and approved.

5.12 Customer account related queries shall be promptly addressed.


LOCKING OF CUSTOMER ACCOUNTS


5.13 The locking of customer accounts shall be conducted through a formal
documented process.

5.14 Any uncontested funds left in an account, previously de-activated by the
Member, shall be remitted to the owner of the funds, upon request and subject
to published terms and conditions.


SAFEGUARDING CUSTOMER FUNDS


5.15 The Member's liability for customer balances, pending cash-ins and guaranteed
prizes should be separately identifiable at any point in time, and Members
should demonstrate sufficient cash and cash equivalents to pay these balances.


INACTIVE CUSTOMER ACCOUNTS


5.16 If the Member adopts a policy of clearing inactive customer accounts, then
customers shall be informed prior to clearing of the account, and this policy
shall be clearly stated in the Member's terms and conditions.

5.17 Records shall be maintained for all customer accounts that have been cleared,
and any customer requesting a cashout from an account that has been cleared
shall be settled according to the Member's terms and conditions.


RIGOROUS INDEPENDENT ASSESSMENT OF PRODUCT FAIRNESS AND RANDOMNESS


The EGBA Members are committed to ensuring that gaming and betting products are subjected to continuous and 
rigorous independent assessment to ensure products continue to operate in a fair and random manner, and in 
accordance with published rules. 


RESPONSIBILITY AND OWNERSHIP FOR FAIRNESS AND RANDOMNESS OF PRODUCTS 


6.1 EGBA Members shall implement a product testing policy, approved and 
supported by its senior management, which will provide for the testing of all 
products for fairness and randomness. 

6.2 The policy shall make provision for the internal and external testing of product 
fairness and randomness. 

6.3 Testing of fairness and randomness of products shall be conducted prior to, and 
subsequent to the operation of the games and/or betting products. 

6.4 All major changes shall be individually tested and a system-wide regression test 
shall be completed annually. 

6.5 Random number generators used in products shall be tested at minimum, 
annually. 


PRODUCT RANDOMNESS TESTING 


6.6 The results of games must be random, except where clearly disclosed if different
game-rules apply.

6.7 The output obtained through the use of the random number generator (“RNG”) 
in games shall be proven to be: 

6.7.1 Statistically independent.
6.7.2 Uniformly distributed over their range.

6.8 The RNG shall pass generally accepted statistical tests for randomness
(uniformity and independence).

6.9 The method used for seed-set generation shall be described (without disclosing 
intellectual property rights) in adequate detail to enable an assessment of the 
methodology applied. 

6.10 Re-seeding shall not be performed in a manner that results in a predictable
output.

6.11 Wagering activity for slot games shall be distributed amongst an acceptable 
population of customers. 

6.12 Significant wins for slot games shall be verified and distributed among an 
acceptable population of customers. 

6.13 Where a game simulates a physical device: 

6.13.1 The visual representation of the device must correspond to the 
features of the physical device. 

6.13.2 The probability of any event occurring shall be as for the actual physical
device except where deviations are clearly displayed to the customers.

Where the game simulates multiple physical devices that would be expected to 
be independent of one another, each simulated device shall be independent of 
the other simulated device. 

Where the game simulates physical devices that have no memory of previous 
events, the behaviour of the simulations shall be independent of the behaviour 
of previous simulations. 


PAYOUT PERCENTAGE TESTING 


Payout percentage reviews shall be conducted on a monthly basis to verify the 
actual return to the customer against the theoretical/estimated return. 

The financial data log files should be reconciled to movements on the accounts 
to ensure accuracy and completeness of data used in final result output-based 
payout percentage and RNG testing. 

The theoretical statistical return percentage for a particular game type shall be 
no less than that of the equivalent game in free play mode. 


GAME RULES 


Game rules should be date stamped and made available to the customer at all 
times. 

The game pay tables should be available to the customer during games of 
chance. 

Foreign language websites shall aim to provide assistance and guidance to all 
customers on foreign language related queries, where possible. 

The design and operation of games shall be strictly in accordance with the 
specified game rules, and shall not deviate from those rules. 

Changes to rules and pay tables shall not be retrospective in their effect. 

"Near-miss" game results shall not be falsely displayed by substituting one losing 
outcome with a different losing outcome. 

“Play for free” offerings shall not mislead customers. A Member offering both 
“play for free” and “play for gain” games shall ensure that the “play for free” 
reflects the odds, rules and behaviour of the “play for gain”. 


ANTI-COLLUSION AND ANTI-DECEPTION MEASURES 


Preventative and detective controls or technology shall be in place to ensure 
that the prospect of cheating through collusion (external exchange of 
information between different customers) is prevented. 

Poker rooms shall not utilise software (for example poker robots that play poker 
online with no or minimal human intervention) or other means to simulate 
increased customer activity or provide misleading information about a site’s 
popularity. 

Poker rooms shall not permit the use of robots or other devices by customers 
with a view to providing them with an advantage over other customers, and 
shall be vigilant in monitoring and stopping the use of these robots and devices. 

Effective risk control mechanisms should be in place for managing events 
offered, bet sizes and prices, taking into consideration available cash and cash 
equivalents. 

For sportsbetting there should be procedures for identifying suspicious betting 
transactions and patterns which might pose a threat to the sport’s integrity or 
an offence of cheating. Where a threat is identified there should be a procedure 
for notifying the relevant sporting body or Regulatory Authority in line with 
applicable data protection requirements. 

ETHICAL AND RESPONSIBLE MARKETING 


EGBA Members will endeavour to employ well balanced advertising and marketing campaigns in line with 
responsible gaming and conduct Principles. 


RESPONSIBLE MEMBER ADVERTISING AND MARKETING 


7.1 Advertisements shall contain factually correct information and shall not be false 
or misleading, particularly with regard to customer winnings. 

7.2 Advertisements shall not entice the underage to gamble or bet, and shall not be 
displayed in media that is clearly targeted at the underage. 

7.3 Customers should not be encouraged to chase their losses or re-invest their 
winnings and at no time should it be suggested that gambling is a means of 
solving financial difficulties. 

7.4 Advertisements and promotional content shall be within the spirit of 
responsible gambling. 

7.5 Advertisements shall not contain a misrepresentation that is likely to cause 
damage to the business or goodwill of another person. 

7.6 A Member shall not knowingly engage in the distribution of unsolicited 
advertisement (i.e. SPAM) either directly or through a third party. 

7.7 Email, SMS and bonus advertisements shall have an unsubscribe, or opt out, 
facility. 

7.8 The Member should not abuse its relationship with the customer by any 
unauthorised activity on the customer's computer system. 

7.9 Terms and conditions applicable to promotional activities shall be clearly 
displayed and shall not be unreasonably altered subsequent to the wagering 
activity. 

7.10 Promotional terms and conditions shall include the last date and time published. 


RESPONSIBLE THIRD PARTY ADVERTISING AND MARKETING 


7.11 Members shall ensure that an affiliate and/or third party performing 
advertisements on their behalf is aware of and takes appropriate steps to abide 
by the EGBA Standards. 

7.12 If the Member becomes aware of an affiliate and/or third party behaving in a 
manner that contravenes these EGBA Standards, the Member shall take 
reasonable steps to ensure that the affiliate ceases that behaviour or that the 
affiliate and/or third party contract is terminated. 

7.13 Direct advertisements and promotional communication with the customer shall 
carry a no under 18's or no under 21's warning where practical. 


EGBA STANDARDS 





COMMITMENT TO CUSTOMER SATISFACTION AND SUPPORT 


The EGBA Members are committed to providing customers with an enjoyable gaming experience with access to 
24/7 support, where they can be assured of timely resolution of disputes. 


CUSTOMER SUPPORT AND DISPUTE RESOLUTION 


8.1 Contact information for complaints and dispute resolution shall be readily 
accessible on the EGBA Member websites. 

8.2 Customers shall be able to log complaints and disputes on a 24/7 basis. 

8.3 Foreign language websites shall aim to provide assistance and guidance to all 
customers on foreign language related complaints and disputes, where possible. 

8.4 The resolution and escalation of customer complaints shall be conducted in 
accordance with a formal documented process. 

8.5 Members shall keep records of all customer correspondence relating to a 
complaint and dispute. 


THIRD PARTY DISPUTE RESOLUTION 


8.6 An independent third party shall be available for mediation or resolution of 
disputes received from Members or their customers. 

8.7 The third party shall be required to keep record of all customer correspondence 
relating to a dispute. 










RESPONSIBLE PRACTICES UNDERPINNED BY A SECURE, SAFE AND RELIABLE ENVIRONMENT 


EGBA Members will operate gaming and betting products within an internal control environment that is in line 
with best practice and which supports the objectives of a secure, safe and reliable environment. 


GOVERNANCE AND ACCOUNTABILITY STRUCTURE 


9.1 EGBA Members shall appoint a Compliance Officer, who will assume ultimate 
responsibility for compliance with the controls specified within the EGBA 
Standards. 

9.2 The appointed Compliance Officer shall have the required authority within the 
Member organisation to ensure processes, policies and procedures required for 
compliance are established, implemented and maintained. 

9.3 The appointed Compliance Officer shall ensure that training and awareness 
programmes, specified within the EGBA Standards, are conducted on an annual 
basis or more frequently if required within the Member organisation. 


INDEPENDENT MONITORING AND REPORTING STRUCTURE 


9.4 EGBA Members shall commit to an annual review of their operations by an 
independent third party to assess compliance with the EGBA Standards. 

9.5 The appointed Compliance Officer shall have the responsibility and authority to 
annually report compliance with the EGBA Standards to senior management. 

9.6 The independent third party shall be required to annually report Member 
compliance to the EGBA Board. 


FINANCIAL AND RECORD KEEPING ENVIRONMENT 


9.7 EGBA Members shall commit to an annual audit of financial statements and 
accounts performed by a reputable external Audit Firm. 

9.8 EGBA Members shall keep records in a manner that will allow the timely 
preparation and audit of financial statements and accounts. 

9.9 EGBA Members shall keep financial transaction records in accordance with the 
retention requirements of the relevant jurisdiction. 


LEGAL AND REGULATORY ENVIRONMENT 


9.10 EGBA Member websites shall display the name of the Member and the address 
of its registered office. 

9.11 EGBA Members shall have a legal operating license from a reputable European 
regulatory authority. 

9.12 EGBA Member websites shall prominently display the licensing jurisdiction from 
which gambling and betting activities are conducted. 

9.13 EGBA Members shall appoint a Compliance Officer, who will assume ultimate 
responsibility for compliance with the licensing jurisdiction’s requirements, as 
necessary. 

9.14 EGBA Member websites shall prominently display date stamped contractual 
terms and conditions applicable to gambling activities, which should be available 
to print or download at any time. 


INFORMATION SECURITY ENVIRONMENT 


9.15 Security policies and procedures shall be documented and communicated to 
relevant employees, and reviewed at least annually or in the event of material 
changes. 

9.16 Security policies and procedures shall be implemented and monitored. 
Risk-based internal and external security reviews shall be conducted at least 
annually or in the event of material changes. 

9.17 Physical security perimeters should be in place to restrict access to authorised 
personnel to areas that contain information and information processing facilities 
and to reduce the risk of environmental threats and hazards to equipment. 

9.18 Relevant third party and business partner contractual terms and conditions 
should cover all appropriate security requirements. 

9.19 Virus scanners and/or detection programs shall be installed on all pertinent 
information systems. These programs shall be updated regularly to scan for new 
strains of viruses. 

9.20 Controls shall be in place for changes to information processing facilities and 
systems in order to reduce the risk of security or system failures. 

9.21 All customers shall be verified through the use of an account 
identifier/password pair, or by any other means that provide equal or greater 
security (e.g. digital certificates), prior to being permitted to participate in 
gambling and betting activities. 

9.22 All customer deposit, withdrawal or adjustment transactions shall be subject to 
strict security control and shall be maintained in a system audit log. 

9.23 All system users shall have their identity verified with an account identifier / 
password pair, or by any other means that provide equal or greater security, 
prior to being permitted to access the system. All system user actions should be 
logged. 

9.24 Information involved in online transactions should be protected to prevent 
incomplete transmission, mis-routing, unauthorised message alteration, 
unauthorised disclosure, unauthorised message duplication or replay. 

9.25 A policy on the use of cryptographic controls for protection of information 
should be developed and implemented. 


BUSINESS CONTINUITY AND DISASTER RECOVERY 


9.26 Backup and recovery procedures shall be in place to ensure data and information 
(e.g. logs and financial information) are backed up on a regular basis and can be 
restored in the event of a disaster. 

9.27 Critical data and information shall be backed-up and secured off-site on a daily 
basis. 

9.28 Backup and disaster recovery responsibilities and procedures between software 
providers and Members shall be clearly defined. 

9.29 All information required for completing an incomplete game shall be 
recoverable by the system. 

9.30 The system shall enable customers to complete interrupted games, within a 
reasonable timeframe, whether from loss of communication with the end-player 
device or an event on the system. 

9.31 All transactions involving customer funds shall be recoverable by the system in 
the event of a failure or malfunction. 

9.32 If a Member has reason to believe or to suspect that an interruption has been 
caused, or a transaction affected by illegal activity, the Member may withhold 
payment pending further investigation. 


SOFTWARE DEVELOPMENT AND MAINTENANCE 


9.33 A development methodology for software and applications shall be defined, 
documented and implemented. 

9.34 All documentation relating to software and application development shall be 
available and retained for the duration of its lifecycle. 

9.35 Change control procedures shall be implemented in line with the change 
management policy and shall cater for the following: 

9.35.1 Approval procedures for changes to software. 

9.35.2 A policy addressing emergency change procedures. 

9.35.3 Procedures for testing and migration of changes. 

9.35.4 Segregation of duties between the developers, quality assurance team, 
the migration team and users. 

9.35.5 Procedures to ensure that technical and user documentation is updated 
as a result of a change. 

9.35.6 Procedures to ensure that security control requirements are specified 
for new information systems, or enhancements to existing information 
systems. 

9.36 The development and test environment must be isolated physically and logically 
from the live operational systems. 





ADDENDUM A 


REVISED STANDARDS 


The following Standards have been recently approved by the EGBA Board, and are new Standards or revisions of 
those approved in March 2009. 


1.1 The homepage of Member websites shall contain a clear link to the responsible 
gambling and betting page, which shall contain the following: 

1.1.1 A warning that gambling and/or betting could be harmful if not 
controlled and kept in moderation. 

1.1.2 Advice on responsible gambling and betting, and a link to sources of 
help, including helpline numbers. 

1.1.3 An accepted and simple self-assessment process to determine risk 
potential. 

1.1.4 A list of customer protection measures that are available on the site 
and details of how to access these measures. 

1.1.5 Links to problem gambling and betting information and qualified 
advisory services where available in those territories where the 
Member actively markets its products. 

1.1.6 A brief statement of the Member's commitment to responsible 
gambling. 

1.5 Messages of a Member's support for the provision of problem gambling 
treatment, research or educational initiatives should not be misleading. 

1.9 There should be a clear link from the deposit page to the facility to set deposit 
limits and/or to the Responsible Gambling page. 

1.16 Once the customer has selected the self-exclusion option, the account shall be 
locked and any funds in the account paid out, subject to appropriate and 
necessary checks and verifications. 

1.23 The denomination of each credit shall be clearly displayed on the games screen 
and the currency unit should be clearly stated where multiple currency game 
play is available. 

1.24 Customers shall be provided with remote access to their account history dating 
back for a minimum period of 60 days, and offline access dating back for a 
minimum period of 6 months, including all deposits, withdrawals, wagers, wins, 
losses, fees and bonuses. 

2.8 Free play sites should not award cash or cash equivalents unless the customers 
have been successfully age verified. 

2.15 The Member should have in place an appropriate system for refunding the value 
of all deposits should a person, subsequent to registration, be identified as an 
underage individual. 

3.1 EGBA Members shall implement an anti-money laundering and combating 
financing of terrorism policy approved and supported by its senior management 
which will provide reasonable security measures to prevent transactions which 
are potentially connected to money laundering and the financing of terrorism. 

3.2 EGBA Members shall appoint a person or persons with responsibility for 
implementing and ensuring effectiveness of anti-money laundering and 
combating financing of terrorism systems. 

3.3 Anti-money laundering and combating financing of terrorism policies and 
procedures shall cater for the identification, escalation and reporting of unusual 
or suspicious activities, including investigating material or unusual deposits, 
withdrawals and customer accounts where little or no gaming or betting activity 
takes place. 

3.5 Training and guidance shall be provided to employees on the Member’s policy 
to ensure the prompt identification, escalation and reporting of fraud and 
anti-money laundering and combating financing of terrorism practices. 

3.6 Money laundering and combating financing of terrorism control requirements 
between Members and service providers shall be clearly defined. 

3.7 No deposits or payouts shall be made to a customer's account if there is reason 
to suspect money laundering or terrorist activity unless authorised by the 
Anti-Money Laundering Reporting Officer. Where the deposit or payout exceeds 
€2,000 (whether in a single transaction or a series of transactions which appear 
to be linked), no payment may be made until the customer has been positively 
identified. 

3.9 Funds should be remitted by the Member to the customer only to the same 
payment mechanism from which the funds originated, except where changes to 
the payment mechanism are substantiated, and where such funds are 
withdrawn in a licensed gambling establishment which adheres to the relevant 
anti-money laundering laws that are applicable in the relevant jurisdiction. 

3.11 Transfers of funds between customer accounts shall be conducted through a 
formal documented process in compliance with the Member’s anti-money 
laundering and combating financing of terrorism policy. 

3.13 The EGBA Member’s anti-money laundering and combating financing of 
terrorism practices shall include the provision of suspicious transaction reports 
to the relevant national financial investigation unit and international 
institutions. 

3.15 All employees should be made aware of their personal obligations to detect and 
report criminal and suspicious behaviour. All employees must be aware of the 
dangers of 'tipping-off' and the procedures to be followed to ensure it does not 
happen. 

3.17 Records of customer financial transactions shall be retained in accordance with 
the retention requirements of the Member's jurisdiction. 

5.10 All information regarding receipts and payments shall be logged and retained by 
the applicable parties in accordance with the retention requirements of the 
Member's licensing jurisdiction. 

5.15 The Member's liability for customer balances, pending cash-ins and guaranteed 
prizes should be separately identifiable at any point in time, and Members 
should demonstrate sufficient cash and cash equivalents to pay these balances. 

5.16 If the Member adopts a policy of clearing inactive customer accounts, then 
customers shall be informed prior to clearing of the account, and this policy 
shall be clearly stated in the Member's terms and conditions. 

6.17 The financial data log files should be reconciled to movements on the accounts 
to ensure accuracy and completeness of data used in final result output-based 
payout percentage and RNG testing. 

6.19 Game rules should be date stamped and made available to the customer at all 
times. 

6.20 The game pay tables should be available to the customer during games of 
chance. 

6.29 Effective risk control mechanisms should be in place for managing events 
offered, bet sizes and prices, taking into consideration available cash and cash 
equivalents. 

6.30 For sportsbetting there should be procedures for identifying suspicious betting 
transactions and patterns which might pose a threat to the sport's integrity or 
an offence of cheating. Where a threat is identified there should be a procedure 
for notifying the relevant sporting body or Regulatory Authority in line with 
applicable data protection requirements. 

7.3 Customers should not be encouraged to chase their losses or re-invest their 
winnings and at no time should it be suggested that gambling is a means of 
solving financial difficulties. 

7.8 The Member should not abuse its relationship with the customer by any 
unauthorised activity on the customer’s computer system. 

9.14 EGBA Member websites shall prominently display date stamped contractual 
terms and conditions applicable to gambling activities, which should be available 
to print or download at any time. 

9.16 Security policies and procedures shall be implemented and monitored. 
Risk-based internal and external security reviews shall be conducted at least 
annually or in the event of material changes. 

9.17 Physical security perimeters should be in place to restrict access to authorised 
personnel to areas that contain information and information processing facilities 
and to reduce the risk of environmental threats and hazards to equipment. 

9.18 Relevant third party and business partner contractual terms and conditions 
should cover all appropriate security requirements. 

9.23 All system users shall have their identity verified with an account identifier / 
password pair, or by any other means that provide equal or greater security, 
prior to being permitted to access the system. All system user actions should be 
logged. 

9.24 Information involved in online transactions should be protected to prevent 
incomplete transmission, mis-routing, unauthorised message alteration, 
unauthorised disclosure, unauthorised message duplication or replay. 

9.25 A policy on the use of cryptographic controls for protection of information 
should be developed and implemented. 

9.35 Change control procedures shall be implemented in line with the change 
management policy and shall cater for the following: 

9.35.1 Approval procedures for changes to software. 

9.35.2 A policy addressing emergency change procedures. 

9.35.3 Procedures for testing and migration of changes. 

9.35.4 Segregation of duties between the developers, quality assurance team, 
the migration team and users. 

9.35.5 Procedures to ensure that technical and user documentation is updated 
as a result of a change. 

9.35.6 Procedures to ensure that security control requirements are specified 
for new information systems, or enhancements to existing information 
systems. 

9.36 The development and test environment must be isolated physically and logically 
from the live operational systems. 


